
The Biggest Security Hurdles in Your Business, and How to Overcome Them

This article originally appeared on infosecisland.com, January 23rd, 2019.

With cyber security spanning almost every aspect of a modern business, implementing effective mitigation policies is often a source of frustration for IT managers.

It’s widely accepted across the industry that with malicious attacks showing no signs of slowing down, organisations have no option but to invest considerable amounts of cash into hiring security professionals and maintaining business privacy. Gartner reported that costs for these investments into cyber security reached $86.4bn worldwide in 2017.

But despite these considerable investments, many organisations are still left in the dark when it comes to exactly what the most common, and pressing, cyber security challenges are, often significantly impacting any returns on this investment.

Selecting and deploying the right security technologies is an important first step, but educating your staff, and your board, can prove to be just as challenging. However, this can be rectified more cost effectively.

Keep your board in the loop


Online security processes are often left entirely to the IT department to manage. As few as 30% of senior business leaders have an in-depth understanding of exactly what online security threats are, which should be a significant cause for concern. More pressingly, 7% have very little or even no understanding of the threats whatsoever.

This is particularly worrying when considering the fact that senior leadership are often the primary target for cyber criminals – in no small part due to the fact that their cyber security knowledge is lacking. This gives cyber criminals the most direct route to sensitive business information or personal data.

Keeping the board in the loop and educating them on what the latest online threats are, how the IT department could mitigate these, and the key things that they should be looking out for will give them a more well-rounded knowledge of cyber security in general, and help to demonstrate the importance of being cyber aware.

Keep your staff up to speed

Cyber criminals are increasingly resorting to phishing attempts that impersonate board level executives, as well as using phishing PDFs and sites in an effort to target staff members. This method is especially effective against those who may be inexperienced in the role, and can often trick them into divulging sensitive business information.

It’s therefore vital that every staff member within your business has the knowledge and skills necessary to ensure the company stays secure. Since many successful cyber-attacks can be the product of carelessness – often opening malware hidden in attachments or clicking suspicious links – it’s everybody’s responsibility to enact proper due diligence when it comes to cyber security.

Educating staff on best practice, as well as informing them when you are actively stopping potential cyber security threats, can help them to understand the importance of cyber awareness within the company. Something as simple as informing staff on what to look out for when spotting a malicious email can help to nip potential disasters in the bud.

Choose the right security solution

The severity with which malware can affect your business cannot be overstated. Indiscriminate cyber-attacks can have potentially devastating consequences for businesses.

Regardless of the size of your organisation, or the complexity of your operations, it’s vital that your business has a thorough cyber security strategy.

There are many end-to-end service providers out there that can assist your business by taking responsibility for implementing and managing effective security applications within your organisation. As an IT manager, this can help you to avoid the unexpected costs and rigidity that often come with installing and maintaining fixed security solutions internally.

When combined with educating both the board and the staff within your organisation, cyber security becomes a collaborative effort across your business, strengthening your first line of defence and creating a far more secure environment overall.

Up next

Online security for Millennials – What do you Meme?

Calling all millennials: In an age where we all have the attention span of a goldfish, reading a lengthy article about the ins-and-outs of online security is probably the last thing on your mind.

In an effort to hold onto that dwindling attention span, however, you’ll be pleased to know that this cyber-insight is in everybody’s favourite form of… memes.

Software Updates, the bane of your life.


Windows 10 got you down? Antivirus constantly interrupting your 10 hour YouTube spree? Unfortunately, like most of the important things in life, it’s annoying because it’s important.

Just like constant dentist check-up reminders and texts from your mum about going to the doctor’s, without constant badgering you’d probably never get it sorted.

If you’re the kind of person who likes nothing more than clicking ‘remind me later’ then have a rethink. The recent WannaCry attack stemmed from a Windows vulnerability that was quickly patched and updated.

Unfortunately, too many folk carried on ignoring the update reminders, blissfully unaware that a 20 minute update may have saved their machine…

If you’re an individual? Update your computer! 20 minutes, after all, is enough time for a biscuit and a brew.

If you’re a business? Set up your IT policies so that users can only ‘remind-me-later’ so many times before they’re forced to update. Sure, it’s annoying – but then again so is losing all of your data to would-be hackers.

Catch of the day when out Phishing

Meme: “Can’t fall for phishing scams if you don’t check your email”

Ok, so this is technically incorrect, but we’re pretty sure no working day goes by without filtering through a couple (or hundreds…) of emails.

Once the preserve of rather unsophisticated emails asking you to transfer bank details, so you could be sent your winnings from a lottery you didn’t enter, or a message asking for your passport details so you could be matched with a long lost rich relative – phishing emails have become increasingly sophisticated.

Spoof email addresses that mimic Gmail or PayPal are all too common. We’re even seeing emails that look like they’ve come from a person within your organisation, which can make a simple Outlook browse quite the minefield.

So, what should you do?

Always check the sender’s FULL email address. If it’s a phishing mail, the address will likely appear somewhat out of place. For example, an official PayPal email will be from an address such as service@paypal.co.uk. Check the ending: something like .net or .org would be unusual.


If the email asks you to log into a specific account to check over purchases or details, open a separate browser window and navigate to the site from there.

Phishing emails often include links that open to near-identical login pages – which are then used to steal your login details. Finally, if you have ANY concerns over an email DO NOT CLICK ANY LINKS. We can’t state that too many times. DO NOT CLICK ANY LINKS. One more time for those at the back: DO NOT CLICK ANY LINKS. Phew.
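If you're in IT, the "check the full address" step above can be automated at the mail gateway. The sketch below is an added example, not part of the original article: the brand table, function names and sample headers are assumptions, with paypal.co.uk taken from the article's own example.

```python
from email.utils import parseaddr

# Assumption: brands staff commonly receive mail from, mapped to the domains
# that mail really comes from. paypal.co.uk is the article's example; a real
# table would be maintained by the IT team.
EXPECTED_DOMAINS = {"paypal": {"paypal.co.uk"}}


def sender_domain(from_header):
    """Return (display_name, domain) from a From: header, lower-cased."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return display.lower(), ""
    return display.lower(), addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_sender(from_header):
    """Return a list of warnings for one From: header (empty list = none)."""
    display, domain = sender_domain(from_header)
    if not domain:
        return ["no usable sender address"]
    warnings = []
    for brand, domains in EXPECTED_DOMAINS.items():
        # The brand can appear in the display name or anywhere in the domain.
        if brand not in display and brand not in domain:
            continue
        # Match the END of the domain: exact, or a true subdomain of it.
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if not genuine:
            warnings.append(f"claims to be {brand} but was sent from {domain}")
    return warnings


# Constructed sample headers (example.net / example.org are reserved domains).
SAMPLES = [
    "PayPal <service@paypal.co.uk>",
    "PayPal <service@paypal.co.uk.example.net>",
    "PayPal Billing <billing@example.org>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

The second sample shows why the ending matters: the real domain appears at the front of the address, but the part that counts is what comes last.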

Something doesn’t look right? Be sure to give your IT department a heads up so they can monitor for these sorts of things. Even better, if you’re in IT, would be to transition to an online security platform such as Touch Secure, protecting your perimeters, public cloud and internet to keep your business safe from such phishing attacks.

Password? Let’s try ‘Password’


Sorry to spoil the illusion, but most people will get into your computer or network because your password is usually *sighs*… ‘Password’. Or ‘Password1’ if we’re being fancy.

Know how hackers usually hack? By exploiting the end user’s inability to create decent passwords.

‘12345’

‘Facebook’ for your Facebook login

‘LinkedIn’ for your LinkedIn login

‘Chelsea’ because you have questionable taste in football

Sure, they’re easy to remember – but they’re also easy to guess. A lot of the blame lies with websites and your own network rules. If you let people get away with weak passwords then you’re partly to blame, because folk will always pick the easiest route.

A good password has traditionally consisted of an uppercase and lowercase letter, a number and a special character (!£@?) and no, P@ssword1 is not going to cut it.

There’s also some thought online that the ‘Correct Horse Battery Staple’ method of choosing four random words actually generates even better password strength – and is easier to remember than a hundred various combinations of numbers, letters and special characters.
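For whoever sets the network rules, here is why P@ssword1 sails through the traditional rule and what a better check looks like. This is an added example, not from the original article: the word list is a constructed sample, and the 12-character minimum and the 7,776-word list size (the size of the Diceware list) are assumptions.

```python
import math

# Constructed sample of common base words (the article's examples plus a few
# more); a real check would load a full breached-password list.
COMMON_BASES = {"password", "12345", "facebook", "linkedin", "chelsea",
                "qwerty", "letmein"}
# Undo the character swaps people use to satisfy composition rules.
UNSWAP = str.maketrans("@40$31!", "aaoseii")


def meets_composition_rule(pw):
    """The traditional rule: upper, lower, digit and special character."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def is_common_variant(pw):
    """True if pw is a common word once decoration is stripped away."""
    lowered = pw.lower()
    core = lowered.rstrip("0123456789!?.@#£$").translate(UNSWAP)
    return lowered in COMMON_BASES or core in COMMON_BASES


def accept(pw, min_length=12):
    """Policy sketch: length and not-a-common-word, not character classes."""
    return len(pw) >= min_length and not is_common_variant(pw)


def passphrase_bits(word_count, wordlist_size):
    """Entropy in bits, assuming each word is drawn uniformly at random."""
    return word_count * math.log2(wordlist_size)


if __name__ == "__main__":
    # Constructed inputs; the passphrase is illustrative, not a recommendation.
    for pw in ["P@ssword1", "Chelsea", "velvet otter cabin nine"]:
        print(pw, meets_composition_rule(pw), accept(pw))
    print(round(passphrase_bits(4, 7776), 1), "bits for four random words")
```

The composition rule accepts P@ssword1 and rejects the four-word phrase; the length-plus-word-list check does the opposite.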

Oh, one more thing… don’t go to the trouble of writing a brilliant password only to write it on a post-it note and stick it to your monitor. It’s like driving a car with no wheels, good to look at but utterly useless.

Same as a would-be burglar is more likely to pick the house with open windows and unlocked doors, someone with some not-so-great intentions is more likely to attack a device or network that’s easy to get into.

What’s your biggest weakness in online security?

Sorry to tell you, but it’s you. And your IT team are probably tearing their hair out over it. But, just like passwords can be hard to remember, so can being aware of your online security.

So, for simplicity, try these three S’s:

  • Software – Update it when prompted
  • Strong – Passwords. Make it strong, make it memorable.
  • Savvy – Scrutinise emails, be smart when you click links and if in doubt, ASK

Keep browsing and keep safe out there. After all, you don’t want the world to know that you’ve got a terabyte of kitten pictures stored on your work laptop… do you?
